Re: DKIM: Does DKIM provide adequate protection from a malicious domain from spoofing a sender's address?
Earl Hood wrote:
> [Maybe this is not within the scope of DKIM, but I will ask it
> anyway since it may affect how well DKIM is accepted.]
> What prevents a malicious domain from spoofing a sender's address?
> I.e. Is there anything in DKIM that (effectively) prevents a malicious
> domain from using my personal address, or anyone else's address?

This was -- and continues to be -- the subject of much debate. The
was to have the mechanics for binding the dkim address (eg i=) to outside
addresses (eg From) addressed in the signing policy draft. Due to time
the text that was in DKIM base did not make it into ssp, but it should
go back in the next rev.
I think that the longer term answer with resigners (eg, mailing lists)
they want to preserve the original DKIM signature bound to the From
address as well as resign it themselves. At some level, resigners (ie,
signers who want to preserve the original From address) will need to be
dealt with in the reputation domain because there is no obvious other
if the original From signature is missing or broken.
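
The check discussed in this message, as an added example that is not part of the original post or of any DKIM draft: it reads the d= and i= tags of each DKIM-Signature header and labels the signature as bound to the From address ("author") or not ("third-party", e.g. a resigning mailing list). The sample message, the function names and the matching rule are assumptions, and no cryptographic verification is performed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: list-resigned mail that kept the author's signature.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.net; s=ml;
 h=from:subject; bh=AAAA; b=BBBB
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 i=alice@example.com; h=from:subject; bh=CCCC; b=DDDD
From: Alice <alice@example.com>
Subject: hello

body
"""

def parse_tags(value):
    """Split a DKIM-Signature tag=value list into a dict (whitespace folded out)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def signing_identity(tags):
    """Return (local_part, domain) of i=, defaulting to '@<d=>' when i= is absent."""
    d = tags["d"].lower()
    local, _, dom = tags.get("i", "@" + d).rpartition("@")
    dom = dom.lower()
    # i= must name the d= domain or a subdomain of it.
    if dom != d and not dom.endswith("." + d):
        raise ValueError("i= domain %r not within d=%r" % (dom, d))
    return local, dom

def classify(raw):
    """Label each signature 'author' or 'third-party' (signatures are not verified)."""
    msg = message_from_string(raw)
    from_local, _, from_dom = parseaddr(msg["From"])[1].rpartition("@")
    out = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        local, dom = signing_identity(tags)
        # Assumed rule: same domain, and i= local part empty or equal to From's.
        bound = dom == from_dom.lower() and local in ("", from_local)
        out.append((tags["d"], "author" if bound else "third-party"))
    return out
```

A message whose only signature comes from an unrelated domain yields no "author" entry, which is the case the question above is about.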